AWS Native and Third-Party Tools: New White Paper Home Insights Blog AWS Native and Third-Party Tools: New White Paper November 14, 2019 AWS Native and Third-Party Tools: New White Paper Thanks in part to the ease of infrastructure implementation, public cloud service providers (CSPs) are quickly becoming more popular with enterprises. However, cybersecurity in the cloud is complex; while CSPs are responsible for the security “of” the cloud, you’re responsible for security “in” the cloud. Enterprises must still protect data and are responsible for the secure configuration of the resources provisioned. Despite the many advantages offered by CSPs there are intricacies and Amazon Web Services (AWS) users might have a host of questions. For instance: What tools does AWS offer to assess vulnerabilities and exposures? How easy or difficult is it to understand AWS security data? What gaps exist in AWS native tools? How do third-party tools work with AWS to augment and/or strengthen cloud security? We’ve developed IaaS Security – AWS Native and Third-Party Tools to help you better understand the cloud infrastructure assessment tools provided by AWS, Palo Alto Networks and Tenable. The paper offers tool-specific observations that allow security practitioners to understand the interdependencies of native and third-party infrastructure assessment tools and grasp the basics of configuration, key features, metrics, reports and other capabilities. This allows practitioners to make informed decisions about how and when to use which tools in their AWS-hosted environments. Some key takeaways: Manageability: For hybrid and multi-cloud environments, AWS lacks a single view in which to consolidate information. Third party tools help bridge this gap with consolidated views of the environment, helping speed up an understanding of enterprise risk. Security Standards: AWS offers the CIS Foundation Benchmark v1.2 while other solutions include a wider breath of standards. Palo Alto Networks Prisma Cloud includes compliance checks for: National Institute of Standards and Technology (NIST) SP 800-53, General Data Protection Regulation (GDPR), International Organization for Standardization (ISO)27001, PCI DSS and others. Auto-Remediation: AWS requires users to define several items before automated remediation can take place. Prisma, in comparison, offers remediation out of the box on some events and an interface to configure actions on existing or custom rules. Log Data: The setup time, configuration and initial ingestion of log data was notably longer for the third-party tools compared to AWS native tools. Prerequisites for Use of Third-Party Tools: Some AWS native services, such as CloudTrail, must be configured prior to the use of third-party cloud security platforms. Costs for both native and third-party tools apply. Threat Detection: Native and third-party tools use the same logs and various AWS services, but third-party solutions run AWS log data against their own detection technologies to identify inconsistencies that pose a risk. Both native and third-party approaches have distinct advantages and disadvantages at present. You should expect to use both native and third-party security solutions in concert for the foreseeable future, and this research paper provides a rich understanding of how this can be best accomplished. By: Optiv How Can We Help? Let us know what you need, and we will have an Optiv professional contact you shortly.